SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
How to address the security risks created by big data
Thu, 8th Jun 2017
FYI, this story is more than a year old

Big data is full of possibilities - including possibilities for security breaches. The more data your organisation has, the more likely they'll be targeted by an attack according to advice from Aleron.

“Never before has so much information been so readily available to organisations. Those that have worked out how to aggregate and analyse that data effectively are reaping benefits such as better, faster decision-making, improved understanding of customer behaviour, and the ability to predict some future events," comments Alex Morkos, Aleron's director.

However, he believes that organisations haven't quite mastered the security challenges associated with it.

“The more data an organisation possesses, the more likely it is that they'll be a target for attack. This is especially true if they collect and store sensitive information such as credit card details, mailing addresses, passwords, and so on; cybercriminals can gain big financial rewards once they have their hands on this data.

Breaches also come with tough consequences, and not just through financial penalties. Once customers lose faith in businesses, it's hard to get them back.

“Data is both friend and foe; it can help organisations be more effective but it can also make them a target. Too many organisations are holding onto massive amounts of data that they don't need anymore. When the analysis project is done, businesses should look to dispose of the information safely. However, for many organisations there's almost a fear of missing out if they delete the data," Morkos explains.

Aleron has put together a list of six key tips to protect data and reputations:

1. Decide what data really needs to be collected. Some businesses collect data for its own sake rather than for a specific analysis purpose. This is dangerous, as it leads to overwhelming amounts of data that are hard to protect. Businesses should limit data collection to the information required for specific purposes. This is also a requirement of the Australian Privacy Act.

2. Understand the value of data. Many organisations don't even know what data they possess, nor do they know its value. This value increases the more data is connected. Until the value is known, organisations can't make informed decisions on what to do with that data and how to protect it.

3. Classify data so it can be found. Data is constantly in motion. Classifying it makes it easier to find and, therefore, protect.

4. Employ a mature data infrastructure team. Managing data appropriately is essential to minimising the risk. This means storing or managing the storage of data in a way it can defend itself, or being able to de-personalising information where possible and deleting it where appropriate.

5. Know where the data lives. For some organisations, data lives in a mixture of on-premise and cloud-based repositories and is regularly transmitted for analysis purposes. It's important to know where data lives and how those locations may affect its safety. For example, data stored in offshore data centers may not be subject to the same privacy laws as data held in Australia.

6. Educate staff regarding data policies. Staff members are often the weakest link in data protection, albeit often unwittingly. Educating staff regarding data collection, storage, and analysis policies and procedures reduces the chances they will inadvertently cause a breach.

“Businesses shouldn't be afraid to leverage big data. However, they should protect themselves and their customers and stakeholders by putting strong security measures in place. This includes security technology as well as processes and policies designed to keep information safe, both at rest and in transit," Morkos concludes.